Information Security Manager

Location: Kansas City, MO
Date Posted: 11-28-2017
Information Security Manager

Status:  Full Time / Direct-Hire

Location:  Kansas City, MO


Responsible for supporting business goals and functions by protecting information assets from unacceptable levels of risk.  The role utilizes staff and resources to maintain an Information Security Program which meets regulatory requirements and organizational risk tolerance.  It is also responsible for cyber incident response and security reporting with a requirement to educate management on critical security analysis that impacts enterprise risk decisions.  The Information Security Manager must be a leader that understands information security’s role in supporting business objectives.
  • Advise management on risk levels and security posture.
  • Acquire and manage resources to support IT security goals and reduce organizational risk.  
  • Advise management on cost analysis of information security program and elements.
  • Collect and maintain data needed to meet information security reporting.
  • Manage the monitoring and analysis of information security data sources.
  • Ensure that information security inspections, tests, and reviews are coordinated.
  • Evaluate and approve application security program efforts to ensure that secure development practices are used.
  • Identify information security program implications of new organizational technologies.
  • Lead and oversee information security budget, staffing, and contracting.
  • Oversee the information security training and awareness program.
  • Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures.
  • Implement and lead the vulnerability management effort.
  • Manage cyber security incident response plan and corrective measures.
  • Track audit findings to ensure mitigation actions are taken.
  • Promote awareness of issues among management and ensure security principles are reflected in business goals.
  • Support compliance activities.
  • Ensure all acquisitions and outsourcing address information security consistent with organization goals.
  • Define and implement policies and procedures to ensure protection of critical data.
  • Maintain industry certification of CISSP or equivalent.
  • BS in Computer Science, CyberSecurity Management, or at least 8 years in similar position.
  • CISSP or equivalent industry certification - Mastery of Computer networking concepts, protocols, and network security methodologies and Cybersecurity and privacy principles to manage risks to data.
  • Incident response and handling
  • Information security program management
  • Knowledge of the following topics: Risk management processes (methods for assessing and mitigating risk), applicable business processes and operations for customer organizations.
  • Business continuity and disaster recovery planning, vulnerability information dissemination sources, Host/Network access control mechanisms, intrusion detection methods and techniques.
  • New and emerging IT and cybersecurity technologies, server and client operating systems
  • Project management principles
  • Data classification methods and procedures
  • Preferred experience includes:  Payment Card Industry data security standards (PCI DSS), Personal Health Information security standards (PHI), Insurance industry IT support and security; laws, policies, procedures, or governance relevant to cybersecurity, penetration testing tools and techniques, application security risks, e.g., OWASP Top 10

this job portal is powered by CATS